PP-SDLC The privacy protecting systems development life cycle

Abstract

Many new Privacy Laws and Regulations have placed an increased importance on the correct design and implementation of information systems. This is an attempt to preserve and protect user and information privacy. Incorporating privacy regulations and guidelines into an active information system is often unsuccessful and ineffective. In addition, systems that have already progressed through the development life cycle can very expensive to change once implemented. We propose the integration of privacy preservation methodologies and techniques into each phase of the system development life cycle (SDLC). This is to preserve the privacy of individuals and to protect PII (Personally Identifiable Information) data. The incorporation of IT Security measures in each SDLC phase is also discussed. This is due to its direct relevance and correlation with information system privacy issues. The proposed methodology involves identifying the privacy and security issues in each phase. From there appropriate privacy protecting and security techniques are applied to address these issues. Special mention is made of the recently proposed Common Criteria. The CC is an international standard for IT Security for Information Systems. Specifically, this paper will analyse the way the Common Criteria currently deals with privacy in information systems, and what is needed to improve its current inadequate handling of information privacy.